Selected viruses, spyware, and other threats: sorted alphabetically
Installation
When executed, the worm copies itself in the following locations:
In order to be executed on every system start, the worm sets the following Registry entries:%system%\Negdo.exe
%system%\Juegs.exe
%windir%\Cfreer.exe
%windir%\Nzil.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsUpdate" = "%windir%\Cfreer.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows" = "%windir%\Nzil.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemUpdate" = "%system%\Negdo.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"System" = "%system%\Juegs.exe"
The worm displays the following message:
Component "COMDLG32.OCX" or one of its dependencies no correctly registered a file is missing or invalid.
Spreading via IM networks
The worm sends links to MSN Messenger users. The messages contain the follwoing text:
If the link is clicked, a copy of the worm is retrieved from the Internet.Hey mira esta animacion de bush :P
Other information
The worm terminates applications associated with windows with any of the following strings in the name:
Administrador de tareas de Windows
Windows Task Manager
Editor del Registro
Registry Editor
Restaurar sistema
System Restore
